This is the 20th day of my participation in the Genwen Challenge
1. Basic HTTP protocol
(1) HTTP noun interpretation
Web uses a Protocol named HTTP (HyperText Transfer Protocol) as a specification to complete a series of operations from the client to the server. An agreement is a stipulation of rules. It can be said that the Web is built on the HTTP protocol for communication. HTTP is often translated as hypertext Transfer protocol, but this translation is not rigorous. The proper translation should be “Hypertext Transfer Protocol”.
(2) Basic network TCP/IP
Commonly used networks, including the Internet, operate on the basis of the TCP/IP protocol family. HTTP is a subset of that.
A. TCP/IP protocol family
There are all sorts of things in agreements. From cable specifications to the method of selecting IP addresses, the method of finding remote users, the order in which the two parties establish communication, and the Web page display of the steps to be processed, and so on. A collection of protocols associated with the Internet like this is collectively called TCP/IP. It is also said that TCP/IP refers to TCP and IP. Another view is that TCP/IP is the general name of the protocol family used in IP protocol communication.
B. Layered TCP/IP management
There are benefits to having TCP/IP layered. For example, if the Internet was governed by only one protocol, when a design change was needed somewhere, all parts would have to be replaced altogether. And after the layer only need to change the layer can be replaced. Once the interfaces between the layers are laid out, the internal design of each layer is free to change. The functions of each layer of the TCP/IP protocol family are as follows:
Application Layer The application layer determines the activities of communication when providing application services to users. The TCP/IP protocol family stores various common application services. For example, FileTransfer Protocol (FTP) and Domain Name System (DNS) services are two of them. The HTTP protocol is also in this layer.
Transport layer The transport layer provides data transfer between two computers on a network connection. At the transport layer, there are two different protocols: Transmission Control Protocol (TCP) and User Data Protocol (UDP).
Network layer (also known as the Network interconnection layer) The network layer is used to process the packets that flow over the network. A packet is the smallest unit of data transmitted over a network. This layer defines the path (the so-called transport route) through which the packets are sent to each other’s computers. The role of the network layer is to select a transmission route among many options when it is transmitted to and from the other computer through multiple computers or network devices.
The link layer (also known as the data link layer or network interface layer) handles the hardware part of the network that connects to it. It includes the device driver for controlling the operating system, hardware, NIC (Network Interface Card), optical fiber and other physical visible parts (and all transmission media such as connectors). Hardware categories are within the scope of the link layer.
C. TCP/IP traffic
When the TCP/IP protocol family is used for network communication, the communication with the peer party is hierarchical and sequential. The sender goes down from the application layer, and the receiver goes up from the application layer. The diagram below:
When transmitting data from layer to layer, the sender must print the header information of the layer every time it passes through the layer. The receiver, on the other hand, cancels out the corresponding headers as it passes from layer to layer.
(3) Protocols closely related to HTTP :IP, TCP and DNS
A. IP protocol used for transmission
By layer, the Internet Protocol (IP) is located at the network layer. The name InternetProtocol may sound like an exaggeration, but it is, because almost every system that uses a network uses the IP protocol. TCP/IP protocol family IP refers to the Internet protocol, the protocol name occupies half of the position, its importance can be seen. Some might confuse “IP” with “IP address”, which is actually the name of a protocol.
The FUNCTION of IP protocol is to send various packets to each other. All sorts of conditions need to be met to ensure that it actually reaches the other party. Two important conditions are IP Address and MAC Address. The IP address indicates the IP address assigned to the node, and the MAC address indicates the fixed IP address of the nic. An IP address can be paired with a MAC address. The IP address can be changed, but the MAC address is basically unchanged.
Use ARP to communicate by MAC address The communication between IP addresses depends on MAC addresses. On the network, it is rare for two parties to communicate in the same LAN, usually through multiple computers and network equipment to connect to each other. During the transfer, the MAC address of the next transfer device is used to search for the next transfer destination. In this case, AddressResolution Protocol (ARP) is used. ARP is a protocol used to resolve addresses. The MAC address can be traced based on the IP address of the communication party. No one has a complete picture of what’s going on over the Internet, and computers and routers and other network equipment can only get a rough idea of what’s going on before they reach their destination.
This mechanism, called routing, is a bit like a Courier company’s delivery process. People who want to send express, as long as their goods to the distribution center, you can know whether the express company is willing to accept the delivery, the distribution center of the express company to check the delivery address of the goods, clear the next station to which region of the distribution center. The distribution center in that area then decides whether it can be delivered to the other person’s home.
B. TCP to ensure reliability
Hierarchical TCP is located at the transport layer and provides reliable byte stream service. The so-called Byte Stream Service (Byte Stream Service) divides large chunks of data into data packets for easy transmission. A reliable transmission service is one that can transmit data accurately and reliably to the other party. In a nutshell, TCP splits up big data to make it easier to move it around, and TCP can make sure the data gets to each other. Make sure the data gets to the target.
TCP uses a three-way handshaking strategy to deliver data accurately to the destination. After sending a packet using TCP, TCP does not ignore the situation after transmission. It must confirm whether the packet was successfully delivered to the other party. 21 The TCP flag SYN (Synchronize) and ACK (Acknowledgement) is used in the handshake. See the article for details.
C. The DNS service is responsible for resolving domain names
The Domain Name System (DNS) service is a protocol at the application layer like HTTP. It provides domain name to IP address resolution service. Computers can be assigned IP addresses as well as host names and domain names. Such as www.hackr.jp.
Users usually use host names or domain names to access each other’s computers, rather than directly through IP addresses. That’s because it’s better to remember a computer name as a combination of letters and numbers than as a set of pure numbers for an IP address. But getting computers to understand names is relatively difficult. Because computers are better at processing long strings of numbers. In order to solve the above problems, DNS service came into being. The DNS provides the service of searching IP addresses by domain names or reverse-searching domain names from IP addresses.
2. Http protocol diagram
Open System Interconnection stands for Open System Interconnection.
OSI and TCP/IP mappings.
Diagram of OSI seven layers
3. DNS parsing instance
For example 1, visit www.baidu.com (using Wireshark for parsing).
First, open the Wireshark, configure DNS filtering criteria, and ping the Wiresharkwww.baidu.com. View the wireShare capture
First look at the first request in the common red box above, which is a DNS query request
Here we can see that there are five records. The corresponding relationship is as follows:
Frame
The first layer shows FrameXXX (XXX is the frame number). This level does not correspond to a layer specific protocol, but rather is a general summary of this message, describing some useful general information. As shown in the following figure, what is the length of the current sent packet and the protocol used? This is related to the following layers, and you can also see that the red box contains all the information about the current package, so this layer does not know the specific layer.
Ethernet II (Physical and Data Link layer)
Ethernet is the most common communication protocol standard used in local area networks. This standard defines the cable types and signal processing methods to be used in local area networks. This corresponds to the physical layer and the data link layer. Check out the image above if you look closelyOSI seven layers diagram. You can see that the second line in the bottom physical layer is the Ethernet frame, and you can see that this line goes straight to the IP. You can see the information about the Ethernet header (MAC address in Ethernet, also known as physical address), and the red box indicates that the header of this layer is packed with MAC address information. That’s what we talked about earlierTCP traffic flowThat corresponds.
IP Layer (Network layer)
Network protocols are located at the network layer and handle routing and packet transport in packet switched networks. The function of IP protocol is to send various packets to each other. All sorts of conditions need to be met to ensure that it actually reaches the other party. Two important conditions are IP Address and MAC Address. Up here we’ve got the MAC address, and here we need to get the IP address.
UDP layer (Transport Layer)
Is a simple datagram – oriented transport layer protocol. UDP does not provide reliability; it simply sends datagrams from applications to the IP layer, but there is no guarantee that they will reach their destination. UDP does not need to establish a connection between the client and the server before transmitting data packets, and there is no timeout retransmission mechanism, so the transmission speed is very fast. TCP will be covered in a subsequent article. Now that we have the IP address, we need to get the port number.
DNS Query (Application layer)
DNS is an application-layer protocol that transmits DNS packets based on TCP/IP. Finally send the DNS query information after all the previous efforts.
DNS query (return packet)
Now let’s look at the second piece of data, which is the result of the DNS query, and the result is similar to the analysis above, related MAC, IP address swap, because this is sent back from the destination, let’s just look at the DNS return. From the picture below, you can see that the prime minister has resolved WWW,baidu.com to www.a.shifen.com, and then www.a.shifen.com to two IP addresses. www.a.shifen.com: During DNS resolution, www.baidu.com is used as a Cname record (equivalent to an alias), and a mapping record from www.baidu.com to www.a.shifen.com is configured on the DNS server. www.a.shifen.com is mapped to the real IP information as A (address) record.
Address records resolve a domain name to an IP Address (Address), and CNAME records resolve a domain name to another domain name.
4. DNS search sequence
Find a cache
Browser cache:
The browser caches DNS records at a certain frequency. Chrome ://net-internals/# DNS view chormeDNS cache.
Operating system cache:
If you can’t find the DNS record you need in the browser cache, look for it in the operating system. The CMD command ipconfig /displaydns is used to view the DNS cache of the operating system.
Route cache:
Routers also have DNS caches.
Find the hosts file on the host
Windows host file path: C:\ Windows \system32\drivers\etc\hosts
Finding a DNS Server
ISP DNS server:
An ISP is an Internet Service Provider. An ISP has a DNS server to respond to DNS query requests.
Root server:
If the ISP’s DNS server cannot be found, it sends a request to the root server for a recursive query (the DNS server asks the root DNS server for the IP address of the.com DNS server, then the.com DNS server, and so on).
Reference:
- Blog.csdn.net/ahafg/artic…
- Blog.csdn.net/u011414200/…
- www.cnblogs.com/geaozhang/p…